-
SJM
Thank you, will give that a go
-
tom
Hello
-
tom
Does anyone here manage the jabberSPAM rbl list?
-
Licaon_Kter
which one?
-
tom
I am only aware of https://github.com/JabberSPAM/blacklist
-
Licaon_Kter
tom Ge0rG does, why?
-
tom
I am trying to report a spammer to the operator of noname.rs
-
tom
But they do not report any abuse contacts via XEP-0157 nor does their WHOIS info contain any useful information
-
tom
» Domain name: noname.rs
» Domain status: Active
» Registration date: 26.03.2019 07:30:39
» Modification date: 28.03.2020 07:14:02
» Expiration date: 26.03.2021 07:30:39
» Registrar: NINET Company d.o.o.
»
» DNS: vera.ns.cloudflare.com -
» DNS: art.ns.cloudflare.com -
»
» Registrant: Individual
»
» Administrative contact: Individual
»
» Technical contact: Individual
-
ernst.on.tour
As far as I know, Martin is the right person
-
tom
Oh, do they run noname?
-
Martin
Me? Why?
-
Martin
dig SRV _xmpp-server._tcp.noname.rs :(
; <<>> DiG 9.16.8-Debian <<>> SRV _xmpp-server._tcp.noname.rs
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11946
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_xmpp-server._tcp.noname.rs. IN SRV
;; ANSWER SECTION:
_xmpp-server._tcp.noname.rs. 120 IN SRV 0 0 5269 xmpp.noname.rs.
;; Query time: 243 msec
;; SERVER: 192.168.178.55#53(192.168.178.55)
;; WHEN: Sa Jan 16 20:37:44 CET 2021
;; MSG SIZE rcvd: 90
-
Martin
host xmpp.noname.rs
-
Martin
xmpp.noname.rs has address 51.75.149.200
-
Martin
whois -b 51.75.149.200
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
inetnum: 51.75.149.192 - 51.75.149.207
abuse-mailbox: secretslineserver@gmail.com
% This query was served by the RIPE Database Query Service version 1.99 (WAGYU)
-
Martin
tom: ^
-
tom
Oh
-
tom
Thanks
-
e2e.ee
Hello everyone. I hope your weekend is a happy one. Saludos!
-
tom
How do you all handle abuse reports about harassment originating from your servers?
-
croax
mod_firewall, drop messages matching from+to?
-
tom
I see
-
tom
After having to deal with it originating from other servers, I am just thinking about what I will do when it happens from my server
-
tom
I really don't want to or give myself the ability to look at other people's stanzas in order to confirm harassment issues
-
tom
I feel that would be a privacy issue
-
Arne
there's spam notification
-
tom
Bouncing from+to may be the best option, and terminating if there's just too much
-
Arne
people can report spam or abuse maybe
-
tom
I worry if it becomes a prevalent enough issue the firewall rules would end up very large
-
tom
Arne: yes I know that but I'm thinking about how to best handle incoming abuse reports when they come to me
-
tom
In a way that respects the privacy of the users and isn't censorship or gets an innocent user banned just because a large group of people all get together and lie about a person
-
tom
False allegations
-
Arne
I wonder if there is an auto block mod for prosody
-
Arne
but I'm often thinking about how to handle this too
-
e2e.ee
Hello
-
e2e.ee
There are two things I do to stop spam originating from e2e.ee:
1) record the IP address when someone logs in, and if it repeats again and again and again, block IP with fail2ban. This prevents scripters from logging in, sending, logging out, logging in, sending, over and over again.
2) mod_throttle_unsolicited (Prosody) - modified to log the IP address in the prosody.log, and then block it with fail2ban. This allows someone to send about 10 messages to people not in the user's contacts, then on the 11th, blocked. Extremely effective method. The spammers basically have to go elsewhere to send spam.
-
Martin
1) might block people with bad mobile connection.
-
Martin
2) is also prone to false positives
-
ernst.on.tour
tom:
> In a way that respects the privacy of the users
You can't read content of chat, therefore it isn't a privacy validation. Telekom also knows who and how long do you call someone.
> and isn't censorship
Without knowing content? You are not responsible for crypted content. If somebody was "hurt" he will call the police and the judgement will contact you to offer the data from the "hurter" but you are only able to give him IP and nick.
> or gets an innocent user banned just because a large group of people all get together and lie about a person
> False allegations
That's a problem, but without knowing content no chance to check
-
e2e.ee
I have tested it thoroughly.... and I get a text message if anyone is blocked.... so I know how often it is triggered (once a month or so).
-
e2e.ee
Yeah, works like a charm!
-
e2e.ee
The spammers try it once and just leave.
-
e2e.ee
It is very easy to identify who it is, and what their messages are - and it is all spam.
-
e2e.ee
If anyone is interested, the code is here:
-
e2e.ee
https://gitlab.com/-/snippets/2062078
-
e2e.ee
regarding method #1 - I have adjusted it to be extremely permissive before it blocks an IP address.
-
e2e.ee
It has blocked my wife's mobile phone - one time, so I just adjusted it to be more permissive.
-
e2e.ee
Whenever someone is blocked by my system, I get a text message immediately, so I can keep an eye on it, and adjust it accordingly. That is what being a sysadmin is all about.
-
tom
» 2) mod_throttle_unsolicited (Prosody) - modified to log the IP address in the prosody.log, and then block it with fail2ban. This allows someone to send about 10 messages to people not in the user's contacts, then on the 11th, blocked. Extremely effective method. The spammers basically have to go elsewhere to send spam.
What if someone imports their contact list from another account?
-
e2e.ee
If you jump on and start sending messages to someone not on your list, you won't be blocked unless you send many many messages in rapid succession.
-
e2e.ee
I mean, you have to send like 20 messages in a minute, which is not typical of someone legitimately communicating.
-
e2e.ee
Hey, the server is paid for with my money. If you want to use it, you can play by my rules, or go elsewhere.
-
tom
creep.im: why are you listed in jabberspam blocklist? You have abuse contacts and you're clearly a legit server
-
tom
I have legitimate users coming in from your server too
-
tom
I'm hesitant to adopt the jabberspam blocklist automatically because of this
-
tom
e2e.ee: thanks for the very good advice
-
e2e.ee
You are welcome. And... if you want to get messages from your server, about anything... like spammers being blocked, etc.... try my new service: monitor.chat (shameless plug)
-
e2e.ee
it is free!
-
e2e.ee
Funny thing about fail2ban - before I created my XMPP service, I never even heard of it.... really! And Fail2ban is so amazing!
-
tom
Yeah
-
tom
Fail2ban is pretty good. I've used it to stop DDoS attacks in conjunction with modsecurity (nginx module not prosody)
-
e2e.ee
🙂👍
-
Licaon_Kter
tom: creep im uses mod block strangers and captcha is not always that easy to contact the admin (ironic) also they didn't respond to email for a while. Now it's a nice feature..."don't make accounts on our server, as we are on the blocklist"
-
tom
I see
-
tom
I wonder if that's the case for any other servers on the jabberspam blocklist
-
tom
In any case, it gives me an excuse to set up a proper spam handling firewall chain rather than just a simple block on the main chain
-
tom
In order to handle blocklist exceptions
-
tom
Like if I want to whitelist a server from an RBL check, but not whitelist them from rate-limiting or restricted areas
-
Licaon_Kter
tom:
> I wonder if that's the case for any other servers on the jabberspam blocklist
imho creep im has been responsive to spammers block, albeit they know it's a pain to do this account by account. Didn't hear anything about the others
-
Martin
They could go for a blacklist removal once they set up 0157 *and* react to abuse reports. Afaik creep.im didn't try to get removed.
-
tom
Ok
-
Martin
> A server operator can ask for removal from the blacklist by opening an issue or PR on this repository. The following conditions must be met to de-list a server:
> The server must deploy XEP-0157: Contact Addresses for XMPP Services.
> The operator must react to incoming abuse reports in a timely fashion.
> The total amount of spam from that server must be insignificant for a watch period of 14 days.
-
Martin
https://github.com/JabberSPAM/blacklist/pull/20 Here you see a timeline of what happened before I made the PR for creep.im
-
tom
I did not see that
-
tom
Github has a very difficult user interface that does not always work properly